Fixes from peer review. Improved compatibility of API's. Clarification on integer.h mp_digit sizes.

src/internal.c

@@ -19810,6 +19810,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
             #ifndef NO_DH
                 case diffie_hellman_kea:
                 {
+                    word32 sigLen;
                     ssl->buffers.sig.length = ENCRYPT_LEN;
                     ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
                                             ssl->heap, DYNAMIC_TYPE_SIGNATURE);
@@ -19853,11 +19854,13 @@ int SendClientKeyExchange(WOLFSSL* ssl)
                     }
 
                     /* for DH, encSecret is Yc, agree is pre-master */
+                    sigLen = ssl->buffers.sig.length;
                     ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
-                        ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
+                        ssl->buffers.sig.buffer, &sigLen,
                         args->encSecret, &args->encSz);
 
                     /* set the max agree result size */
+                    ssl->buffers.sig.length = (unsigned int)sigLen;
                     ssl->arrays->preMasterSz = ENCRYPT_LEN;
                     break;
                 }
@@ -20875,10 +20878,11 @@ int SendCertificateVerify(WOLFSSL* ssl)
         #ifdef HAVE_ECC
            if (ssl->hsType == DYNAMIC_TYPE_ECC) {
                 ecc_key* key = (ecc_key*)ssl->hsKey;
+                word32 sigLen = ssl->buffers.sig.length;
 
                 ret = EccSign(ssl,
                     ssl->buffers.digest.buffer, ssl->buffers.digest.length,
-                    ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
+                    ssl->buffers.sig.buffer, &sigLen,
                     key,
             #ifdef HAVE_PK_CALLBACKS
                     ssl->buffers.key
@@ -20886,6 +20890,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     NULL
             #endif
                 );
+                ssl->buffers.sig.length = (unsigned int)sigLen;
             }
         #endif /* HAVE_ECC */
         #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)
@@ -21681,6 +21686,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                     case diffie_hellman_kea:
                 #endif
                     {
+                        word32 dhPrivLen, dhPubLen;
+
                         /* Allocate DH key buffers and generate key */
                         if (ssl->buffers.serverDH_P.buffer == NULL ||
                             ssl->buffers.serverDH_G.buffer == NULL) {
@@ -21747,11 +21754,13 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                             }
                         }
 
+                        dhPrivLen = ssl->buffers.serverDH_Priv.length;
+                        dhPubLen = ssl->buffers.serverDH_Pub.length;
                         ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
-                            ssl->buffers.serverDH_Priv.buffer,
-                            &ssl->buffers.serverDH_Priv.length,
-                            ssl->buffers.serverDH_Pub.buffer,
-                            &ssl->buffers.serverDH_Pub.length);
+                            ssl->buffers.serverDH_Priv.buffer, &dhPrivLen,
+                            ssl->buffers.serverDH_Pub.buffer, &dhPubLen);
+                        ssl->buffers.serverDH_Priv.length = (unsigned int)dhPrivLen;
+                        ssl->buffers.serverDH_Pub.length = (unsigned int)dhPubLen;
                         break;
                     }
                 #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */

src/tls13.c

@@ -5395,15 +5395,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         {
         #ifdef HAVE_ECC
            if (ssl->hsType == DYNAMIC_TYPE_ECC) {
+                word32 sigLen = sig->length;
                 ret = EccSign(ssl, args->sigData, args->sigDataSz,
                     args->verify + HASH_SIG_SIZE + VERIFY_HEADER,
-                    &sig->length, (ecc_key*)ssl->hsKey,
+                    &sigLen, (ecc_key*)ssl->hsKey,
             #ifdef HAVE_PK_CALLBACKS
                     ssl->buffers.key
             #else
                     NULL
             #endif
                 );
+                sig->length = (unsigned int)sigLen;
                 args->length = (word16)sig->length;
             }
         #endif /* HAVE_ECC */
@@ -5423,8 +5425,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
         #endif
         #ifndef NO_RSA
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
-
-                ret = RsaSign(ssl, sig->buffer, sig->length,
+                ret = RsaSign(ssl, sig->buffer, (word32)sig->length,
                     args->verify + HASH_SIG_SIZE + VERIFY_HEADER, &args->sigLen,
                     args->sigAlgo, ssl->suites->hashAlgo,
                     (RsaKey*)ssl->hsKey,
@@ -5459,7 +5460,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                 /* check for signature faults */
                 ret = VerifyRsaSign(ssl, args->sigData, args->sigLen,
-                    sig->buffer, sig->length, args->sigAlgo,
+                    sig->buffer, (word32)sig->length, args->sigAlgo,
                     ssl->suites->hashAlgo, (RsaKey*)ssl->hsKey,
                     ssl->buffers.key
                 );
@@ -5777,7 +5778,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
             if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
                 WOLFSSL_MSG("Doing RSA peer cert verify");
 
-                ret = RsaVerify(ssl, sig->buffer, sig->length, &args->output,
+                ret = RsaVerify(ssl, sig->buffer, (word32)sig->length, &args->output,
                     args->sigAlgo, args->hashAlgo, ssl->peerRsaKey,
                 #ifdef HAVE_PK_CALLBACKS
                     &ssl->buffers.peerRsaKey

wolfssl/ssl.h

@@ -347,7 +347,7 @@ typedef struct WOLFSSL_X509_OBJECT {
 
 typedef struct WOLFSSL_BUFFER_INFO {
     unsigned char* buffer;
-    word32 length;
+    unsigned int length;
 } WOLFSSL_BUFFER_INFO;
 
 typedef struct WOLFSSL_X509_STORE_CTX {

wolfssl/wolfcrypt/integer.h

@@ -118,17 +118,18 @@ extern "C" {
    typedef unsigned long      mp_word;
    /* don't define DIGIT_BIT, so its calculated below */
 #elif defined(NO_64BIT)
-   /* 32-bit */
+   /* 32-bit forced to 16-bit */
    typedef unsigned short     mp_digit;
    typedef unsigned int       mp_word;
    #define DIGIT_BIT          12
 #elif defined(MP_64BIT)
+   /* 64-bit */
    /* for GCC only on supported platforms */
    typedef unsigned long long mp_digit;  /* 64 bit type, 128 uses mode(TI) */
    typedef unsigned long      mp_word __attribute__ ((mode(TI)));
    #define DIGIT_BIT          60
 #else
-   /* this is the default case, 28-bit digits */
+   /* 32-bit default case */
 
    #if defined(_MSC_VER) || defined(__BORLANDC__)
       typedef unsigned __int64   ulong64;

wolfssl/wolfcrypt/types.h

@@ -120,7 +120,7 @@
 
 #elif defined(WC_16BIT_CPU)
         #undef WORD64_AVAILABLE
-        typedef unsigned short wolfssl_word;
+        typedef word16 wolfssl_word;
         #define MP_16BIT  /* for mp_int, mp_word needs to be twice as big as
                              mp_digit, no 64 bit type so make mp_digit 16 bit */